• Home

  • Technology

  • The Real Cost of Waiting When it Comes to Application Security
16
The Real Cost of Waiting to Secure Your Applications

The Real Cost of Waiting When it Comes to Application Security

Tags:

Embed Size (px)

DESCRIPTION

Many vulnerabilities go unresolved because compliance does not require fixing the issues at any point during the development process. However, the cost of fixing software defects post release can be up to 100x the cost of fixing the same issues at beginning of the software development life cycle.

Citation preview

Page 1: The Real Cost of Waiting When it Comes to Application Security

The Real Cost of Waitingto Secure Your Applications

Page 2: The Real Cost of Waiting When it Comes to Application Security

2© 2013 WhiteHat Security, Inc.

BIO

Jeremiah Grossman Founder & CTO of WhiteHat Security Practicing Web security since 2000 International speaker (6-continents) InfoWorld Top 25 CTO Co-founder of the WASC Co-author: XSS Attacks Former Yahoo! information security officer Brazilian Jiu-Jitsu Black Belt

Page 3: The Real Cost of Waiting When it Comes to Application Security

3© 2013 WhiteHat Security, Inc.

BIO

Ryan Berg Chief Security Officer at Sonatype Co-founder and chief scientist

for Ounce Labs Patent holder, author, teacher Co-founded Qiave Technologie

Page 4: The Real Cost of Waiting When it Comes to Application Security

Measuring the Costsurvey summaries

Page 5: The Real Cost of Waiting When it Comes to Application Security
Page 6: The Real Cost of Waiting When it Comes to Application Security

Distribution of Responsibility

* Sonatype

Page 7: The Real Cost of Waiting When it Comes to Application Security

Product Code Deployment

Page 8: The Real Cost of Waiting When it Comes to Application Security

* Sonatype

Page 9: The Real Cost of Waiting When it Comes to Application Security

© 2013 WhiteHat Security, Inc. 9

Top 15 Vulnerability Classes (2012)Percentage likelihood that at least one serious* vulnerability will appear in a website

MOST COMMON VULNS

Page 10: The Real Cost of Waiting When it Comes to Application Security

© 2013 WhiteHat Security, Inc. 10

OVERALL

Overall Vulnerability Population (2012) Percentage breakdown of all the serious* vulnerabilities discovered

(Sorted by vulnerability class)

Page 11: The Real Cost of Waiting When it Comes to Application Security

Addressing Vulnerabilities

* Sonatype

Page 12: The Real Cost of Waiting When it Comes to Application Security

Cost of Fixing Software Defects

* Atom Consulting

Page 13: The Real Cost of Waiting When it Comes to Application Security

© 2013 WhiteHat Security, Inc. 13

Drivers to Resolve Vulnerabilities

Page 14: The Real Cost of Waiting When it Comes to Application Security

© 2013 WhiteHat Security, Inc. 14

Why Vulnerabilities Go Unresolved

Page 15: The Real Cost of Waiting When it Comes to Application Security

Can there be a balance?

Page 16: The Real Cost of Waiting When it Comes to Application Security

The Real Cost of Waitingto Secure Your Applications


Waiting for Godot -- Act 1 Waiting for Godot

Waiting for Godot -- Act 1 Waiting for Godot

Documents
her13253 ch05 176-231 - McGraw-Hill Education€¦ · government. Failure never comes easily, but it comes especially hard when success at little cost is anticipated. Within two years,

her13253 ch05 176-231 - McGraw-Hill Education€¦ · government. Failure never comes easily, but it comes especially hard when success at little cost is anticipated. Within two years,

Documents
Regulation comes at a cost: underpricing and valuation of ... · 1 Regulation comes at a cost: underpricing and valuation of European IPOs Andrea Signoria, Michele Meolib, Silvio

Regulation comes at a cost: underpricing and valuation of ... · 1 Regulation comes at a cost: underpricing and valuation of European IPOs Andrea Signoria, Michele Meolib, Silvio

Documents
USE CASES AND COST BREAKDOWN OF OFF-GRID REFRIGERATION … · Refrigeration System Cost Modelling The majority of a refrigeration system’s cost comes from its power components and

USE CASES AND COST BREAKDOWN OF OFF-GRID REFRIGERATION … · Refrigeration System Cost Modelling The majority of a refrigeration system’s cost comes from its power components and

Documents
WAITING, SMOKING AND PEDESTRIAN SHELTERS 44-47 Theta Waiting Shelter 44 Theta Waiting Shelter with Seating 45 Alpha T Waiting Shelter with Seating 46 Beta Waiting Shelter with Seating

WAITING, SMOKING AND PEDESTRIAN SHELTERS 44-47 Theta Waiting Shelter 44 Theta Waiting Shelter with Seating 45 Alpha T Waiting Shelter with Seating 46 Beta Waiting Shelter with Seating

Documents
PRATIBIMB ितिबब PRATIBIMB Chnge comes from Refecion · PRATIBIMB PRESIDENT’S MESSAGE “Somewhere, something incredible is waiting to be known.” -Carl Sagan Dear Readers,

PRATIBIMB ितिबब PRATIBIMB Chnge comes from Refecion · PRATIBIMB PRESIDENT’S MESSAGE “Somewhere, something incredible is waiting to be known.” -Carl Sagan Dear Readers,

Documents
1 Queuing Systems (2). Queueing Models (Henry C. Co)2 Queuing Analysis Cost of service capacity Cost of customers waiting Cost Service capacity Total

1 Queuing Systems (2). Queueing Models (Henry C. Co)2 Queuing Analysis Cost of service capacity Cost of customers waiting Cost Service capacity Total

Documents
Exploring COFF[IE]: An Industrial Engineering Analysis...Exploring COFF[IE]: An Industrial Engineering Analysis ... opportunity cost of waiting in line. When this cost is applied to

Exploring COFF[IE]: An Industrial Engineering Analysis...Exploring COFF[IE]: An Industrial Engineering Analysis ... opportunity cost of waiting in line. When this cost is applied to

Documents
Theme of Waiting In Waiting for Godot

Theme of Waiting In Waiting for Godot

Education
ENGM 732 Queuing Applications. Motivation Idea: We want to minimize the total cost of a queuing system Let SC = cost of service WC = cost of waiting TC

ENGM 732 Queuing Applications. Motivation Idea: We want to minimize the total cost of a queuing system Let SC = cost of service WC = cost of waiting TC

Documents
The exchange rate pass-through, the internet and the cost of waiting

The exchange rate pass-through, the internet and the cost of waiting

Documents
1st Year Waiting for Funding - gare2.banbeis.gov.bdgare2.banbeis.gov.bd/download/1st-Year-Waiting-for-Funding.pdf · genome analysis Print Rapid and Low Cost ... Adulterants in Mr

1st Year Waiting for Funding - gare2.banbeis.gov.bdgare2.banbeis.gov.bd/download/1st-Year-Waiting-for-Funding.pdf · genome analysis Print Rapid and Low Cost ... Adulterants in Mr

Documents
 · Samuel Beckett Residenztheater München . Waiting for Godot is a play in which two characters are waiting for someone who never comes. We can say that Waiting for Godot is a play

 · Samuel Beckett Residenztheater München . Waiting for Godot is a play in which two characters are waiting for someone who never comes. We can say that Waiting for Godot is a play

Documents
Queuing Theory Basics - Angelfire: Welcome to Angelfire Level of Service Total expected cost Negative Cost of waiting time to company Cost Low level of service Optimal service level

Queuing Theory Basics - Angelfire: Welcome to Angelfire Level of Service Total expected cost Negative Cost of waiting time to company Cost Low level of service Optimal service level

Documents
Duality in sta ng problems: Between holding costs and waiting ...2 The traditional cost formulation assigns a dollar value to customers’ waiting time and places this cost in the

Duality in sta ng problems: Between holding costs and waiting ...2 The traditional cost formulation assigns a dollar value to customers’ waiting time and places this cost in the

Documents
SPORT AND ACTIVE RECREATION...active recreation give as a reason for not doing more. Cost comes a distant second. Cost comes a distant second. • The most common way people pay to

SPORT AND ACTIVE RECREATION...active recreation give as a reason for not doing more. Cost comes a distant second. Cost comes a distant second. • The most common way people pay to

Documents
Tapahtumanhallinnan pulmakohtia ja ratkaisuja · Cooperative termination protocol If participant p comes across the timeout while waiting for the Commit or Abort message from the

Tapahtumanhallinnan pulmakohtia ja ratkaisuja · Cooperative termination protocol If participant p comes across the timeout while waiting for the Commit or Abort message from the

Documents
Waiting

Waiting

Documents
Backdrop CMS Because there’s a cost that comes with change. · Backdrop CMS Because there’s a cost that comes with change. Who are we to judge? Who are we to judge? • Combined

Backdrop CMS Because there’s a cost that comes with change. · Backdrop CMS Because there’s a cost that comes with change. Who are we to judge? Who are we to judge? • Combined

Documents
Chapter 1 INTRODUCTION - University of Agriculture ... like an economic balance between the cost of service and the cost of waiting is obtained. • Probability theory and differential

Chapter 1 INTRODUCTION - University of Agriculture ... like an economic balance between the cost of service and the cost of waiting is obtained. • Probability theory and differential

Documents
FASB's CECL - Why Waiting for Changes May Cost You

FASB's CECL - Why Waiting for Changes May Cost You

Economy & Finance
EDGE COMPETITIVE - Marketing Management Incorporated · PDF filethat the cost of re-merchandising categories can vary by more than 12x. Retail Relevancy Comes at a Cost ... The cost

EDGE COMPETITIVE - Marketing Management Incorporated · PDF filethat the cost of re-merchandising categories can vary by more than 12x. Retail Relevancy Comes at a Cost ... The cost

Documents
Eating at home is (almost) always cheaper than restaurants Consider food costs + drinks, tip, travel cost Time-travel, order, waiting for food, waiting

Eating at home is (almost) always cheaper than restaurants Consider food costs + drinks, tip, travel cost Time-travel, order, waiting for food, waiting

Documents
YOUR MOMENT IS WAITING · dates: worship leader: sign-up deadline: cost: camp communicator: parents’ meeting: money due: location: more: your moment is waiting

YOUR MOMENT IS WAITING · dates: worship leader: sign-up deadline: cost: camp communicator: parents’ meeting: money due: location: more: your moment is waiting

Documents
HERE COMES SANTA! - Gabrieles Philatelic Service |€¦ · HERE COMES SANTA! Believe it or not, Christmas is just weeks away. Your presents are here waiting!! ... Cat. is £550 at

HERE COMES SANTA! - Gabrieles Philatelic Service |€¦ · HERE COMES SANTA! Believe it or not, Christmas is just weeks away. Your presents are here waiting!! ... Cat. is £550 at

Documents
information provided below comes from the IRS's Cost Segregation Audit Techniques Guide, which

information provided below comes from the IRS's Cost Segregation Audit Techniques Guide, which

Documents
Unit 16 Someone Waiting Unit 16 Someone Waiting. Unit 16 Someone Waiting

Unit 16 Someone Waiting Unit 16 Someone Waiting. Unit 16 Someone Waiting

Documents
The Cost of Waiting

The Cost of Waiting

Documents
Can Yardstick Competition Reduce Waiting Times?faculty.london.edu/nsavva/YardstickMar22.pdf · competition achieves rst-best outcomes on both cost and waiting-time reduction and,

Can Yardstick Competition Reduce Waiting Times?faculty.london.edu/nsavva/YardstickMar22.pdf · competition achieves rst-best outcomes on both cost and waiting-time reduction and,

Documents
CAMDEN CITY SCHOOL DISTRICT REGULAR MONTHLY ......Bus: Waiting for Bid Personnel: SBYS Staff will monitor and chaperone the trip. Total Cost Not to Exceed: $880.00 + the cost of transportation

CAMDEN CITY SCHOOL DISTRICT REGULAR MONTHLY ......Bus: Waiting for Bid Personnel: SBYS Staff will monitor and chaperone the trip. Total Cost Not to Exceed: $880.00 + the cost of transportation

Documents